Fun with Counterintelligence

Update: The Guardian story and the title for the document were modified slightly while this post was being written. Greenwald’s story now contains the note about terrorists captured by XKEYSCORE data, and the “full document” is specified to be from 2008. The Guardian has not yet published any “full documents” from after 2008, which leaves the questions about Greenwald’s extra screen captures intact and awaiting an answer.

The Guardian has published the details of yet another surveillance program being run by the NSA. In typical fashion, Glenn Greenwald fails to distinguish between technical capabilities and legal restrictions:

But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.

Yet despite allegations that some analysts have exceeded their authorities with this program, Greenwald does not actually demonstrate widespread abuse — merely the potential for abuse should an analyst ignore the law and NSA-specific regulations. In fact, Greenwald even notes that the collection program as described in the slides is perfectly legal:

While the Fisa Amendments Act of 2008 requires an individualized warrant for the targeting of US persons, NSA analysts are permitted to intercept the communications of such individuals without a warrant if they are in contact with one of the NSA’s foreign targets.

That law was passed five years ago. It didn’t need a top secret disclosure to prompt fears of overreach, since Greenwald quotes public statements from years ago expressing concern about this program and others like it. The Guardian also posted the full slide deck (I’m only linking but not posting it, since the slides are marked TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL). Reading it reveals some neat information that is now public:

  • The NSA has a global cluster of hundreds of parallel Linux servers to do number crunching and collection. Some of these servers (slide 6) are located in fascinating locations, like Lagos, Luanda, Lusaka, Moscow, Beijing, Khartoum, somewhere in Somaliland (Hargeisa?), Jeddah, Cairo, Tunis, Algiers, Karachi, and… well you get the point. Few to none of them are located here, which suggests the intent of this program is not oriented on the U.S. It’s almost a given that organizations and governments in these locations will be out to identify, intercept, or destroy those servers now.
  • Despite Greenwald’s claims that XKEYSCORE allows analysts to indiscriminately read emails, the slides themselves refer only to indexing and metadata (i.e., header information). They also show that analysts are trained to look for “anomalous” information, like high levels of encryption or speaking a language not native to a given area, for further scrutiny. There are a number of ways hostile organizations can modify their communications to avoid being flagged as anomalous in this way.

The last point is especially relevant: Greenwald presents grainy, low-resolution screen captures of PowerPoint slides and alleges that NSA analysts can read the full content of emails in real time. But the slides his editors posted in PDF form do not demonstrate that capability.

These two bullet points also suggest why U.S. officials are so worried and angry over these disclosures. Supporters of these leaks seem to want it both ways: these documents reveal horrible excesses to the public, yet they don’t do any harm at the same time. There is clearly a risk in revealing this information — according to the slides, XKEYSCORE has generated the intelligence necessary to capture “over 300 terrorists” since it was brought online, a key detail Greenwald neglects to mention in his story.

To their credit, the Guardian editors redacted Slides 22, 29, and 30, which they claim “reveal specific NSA operations.” Considering the volume of specific NSA operations in the rest of the slide deck, like how they search for actionable intelligence, it’s a baffling decision.

But here’s what I find even more interesting. Greenwald posts screenshots of this program in multiple places in his story. In the section subtitled “Email Monitoring,” he shows a menu of options for an analyst to perform an “Email Query” using XKEYSCORE. Yet that slide is not present in the documents the Guardian posted to their website. One screenshot even shows specific, detailed technical information from a sample query.

Is this the information the editors felt was too sensitive to publish? If so, why did they allow Greenwald to publish it on their site, but not in the full document? If not, then where is Greenwald getting these screenshots? Some of them are clearly cropped from larger slides, since they don’t display either classification markings or the general template for XKEYSCORE. Many others reveal detailed, technical, specific operational components of this program. So what’s the deal?

In early June, the New York Times profiled Greenwald and noted he wrote for Salon, and now writes for the Guardian, with very little editor input — often none. For some reason, the Guardian editors felt some slides in XKEYSCORE were too sensitive to publish in full, yet Greenwald is nevertheless publishing slides that contain the very sort of information they say is too sensitive to release.

Something does not add up. Greenwald is posting far more slides than what the Guardian says are in the “full” presentation, and he is presenting information his own editors clearly feel is too sensitive to publish. I want to know: why?
